Are FireJail and Nod32 compatible?

Discussion in 'all things UNIX' started by SuperSapien, Apr 9, 2015.

  1. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    Hi I'm new here and I would like to know is it safe to run Firejail with Eset Nod32 Antivirus 4?
    Also is Failjail comparable to SBIE's level of virtualization security?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Haven't heard of FireJail but speaking about ESET NOD32 Antivirus 4, this is a quit old version that doesn't give you sufficient protection against new borne threats. We strongly recommend using the latest version which is v8 for home users and Endpoint v6 for business users and keeping all protection features (including Live Grid) enabled.
     
  3. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    I think you misunderstood. FireJail is Linux program, so OP must mean Linux version of ESET which IIRC v4 is the latest, right?
    FJ is not system wide protection (like SELinux or GRSecurity which special note is made by ESET) so it won't interfere with ESET. I don't know what do you mean by "SBIE's level of virtualization" tho I know SBIE very well.
     
  4. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    Thats what Eset told me but I just wanted to verify here to find out if anybody is using this combo.And what I mean by level of virtualization is how deeply does it integrates with the kernel/system and does it block root access?

    Anyway could someone help me setup Firejail on my Ubuntu based system.:)
     
    Last edited: Apr 9, 2015
  5. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Firstly, it is not a proper place for the question. I hope a mod notice this thread and move it to all things UNIX subforum.
    I thought deBoetie use that combo, so wait him to chime in. Meanwhile, see this thread if you haven't done yet. FJ is SUID & Seccomp filter sandbox (almost same as Chrome), so in a sense it's a user-mode sandbox but eventually its power come from kernel, and importantly, seccomp reduces attack surface toward kernel, so it can protect against some kernel exploit. SBIE basically do nothing against it. Its (kind of) virtualization capability works differently from SBIE's kernel driver based redirection. FJ mounts temporary file system in private mode and discard changes on exit. What do you mean by root access? If it is root directly, I assume FJ include chroot. If it is root privilege, it depends. Basically sandboxed process should run in limited privilege but if there's escalation vulnerability, it can be problem.
    I haven't used Ubuntu quite a time but FJ offer deb package, so download and install it by "dpkg -i (file name)". Then if you want to sandbox firefox, as illustrated in the above link, type "firejail --private firefox" in terminal. It's that simple.
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    My experience is with running Mint 17 x64 (in various VMs mostly) with Nod32 AV4 and the latest version of Firejail. I've experienced no problems with the combination, nor would I expect there to be, for several reasons. For one, Nod32 for Linux is AV only, it doesn't have the HIPS etc of the Windows version. Second, I understand that much of what it does is about scanning files for Windows viruses, so it won't pass those on. Third, Firejail does not modify the kernel, it's using "standard" kernel functionality, unlike something more intrusive such as Grsecurity and Pax. But the latter are not often used on general purpose desktops anyway.

    I'm not that bothered by having Nod32 to be honest, whereas I love what Firejail is doing for me, which is conceptually similar to what I want from Sandboxie on Windows (though as Yuki points out, they are somewhat different under the hood). The important thing is that it reduces system calls, prevents many opportunities for escalation, and can stop user-mode malware from "seeing" your real filesystem. Plus you can create wipe-on-exit boxes. IMO, if you're using Firefox these days, it's an important tool because FF has lagged in terms of its program sandboxing.

    Firejail is both very easy to use, and repays customisation, and significantly improves security. To that extent I much prefer it to Apparmor which is potentially even more configurable, but I've found Apparmor awkward in practice.
     
  7. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    Yeah I tried Apparmor on Linux Mint 17.1 and it was kinda of clunky experience especially in Firefox.
    Speaking of which whats the likelihood of getting infected if you watching HTML5 YouTube videos in Firefox with the plug-ins disabled?
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Less than if you used Flash!.... Obviously Flash and SL are popular attack vectors, but they aren't the only ones. All you can do is to reduce your exposure and sandbox however you can. The effort to do so with Firejail seems minimal to me, so I'd always do it.
     
  9. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    I also use Noscript, Request Policy, BluHell Firewall and OpenDNS (free). What is SL?
     
  10. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @SuperSapien - sorry too many abbreviations - Silverlight plugin. Has had some bugs, not as many as Flash, but that's no advert....
     
  11. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    118
    I just tried to install FJ and I got an error message from Netrunner 14.1 maybe it's because I used the Qapt Package installer. By the way how do I install it with dpkg?
     
Loading...